Apple releases set of guidelines for govt. data request

May 8, 2014 - 13:49 AMT

PanARMENIAN.Net - Apple has publicly released a set of guidelines for law enforcement agencies to request data relating to the company's users, ZDNet reports.

The iPad and iPhone maker released the guide on Wednesday, May 7, which specifies what information can and cannot be lifted from devices after being issued disclosure requests, search warrants or court orders.

The legal resource is split into three parts, the first detailing general information relating to the guidelines, how agencies must proceed when requesting data, and what information Apple can reasonably provide.

The guidelines are specifically for law enforcement or other government entities in the US to use when seeking data concerning Apple device users.

Apple will accept subpoenas, search warrants, and court orders for documents by fax or mail from law enforcement agencies, and all subpoenas seeking witness testimony must either be personally served on Apple or served through Apple’s registered agent. When requests are received to preserve data, Apple will hold information for 90 days before it is removed from the storage server, unless the request is renewed, according to ZDNet.

Apple is able to provide basic registration details including names, personal addresses, email addresses and telephone numbers, although the company notes that this data is not verified on signup, and therefore will not necessarily be accurate. Records from Apple support, iTunes purchases, downloads and connection logs with IP addresses can be obtained with a subpoena or court order, but a search warrant is required for Apple to provide details of specific content downloads.

Additional details the tech giant can provide include point of sale transactions, online purchase data, shipping addresses, iCloud subscriber information, mail logs, and content within mailboxes -- but Apple cannot produce deleted content. This also applies to other iCloud content such as PhotoStream, documents, contacts, Calendars, and bookmarks, ZDNet says.

In terms of the Find my iPhone service, which allows users to track a missing device and remotely lock and wipe data, Apple can only provide connection logs. Requests from law enforcement agencies to activate this feature will not be upheld by Apple, and no GPS data is stored on company servers for specific devices.

If Apple receives a valid search warrant, the company is able to extract "certain categories" of consumer data from passcode-locked iOS devices at the firm's headquarters. Specifically, SMS, photos, videos, contacts, audio recording, and call history can be extracted from devices running iOS 4 or later.

The firm will not keep copies of user data pertaining to the orders; instead, it remains "the responsibility of law enforcement agents" to preserve evidence.

In the second main section of the guidelines, Apple provides a Q&A for users and agencies seeking data. As part of the Q&A, the tech giant says that "any files and records produced for law enforcement that contain personally identifiable information must be destroyed after the related investigation, criminal case, and all appeals have been fully exhausted," and users will be notified if their data is being sought by law enforcement agencies - unless there is a non-disclosure order.

The final part of the guidelines, according to ZDNet, is a form (.PDF) for law enforcement to fill out when seeking information from the company. In addition, an "Emergency Disclosure Form" has been provided for situations involving "imminent danger of death or serious physical injury to any person [requiring disclosure] without delay."

Apple's dedication to transparency has increased since the worldwide outrage caused by the leak of confidential documents by former U.S. National Security Agency contractor Edward Snowden. Apple had always denied working with the NSA in the creation of product backdoors used to spy on users, and CEO Tim Cook said the NSA would have to cart Apple "out in a box" before the agency accessed company servers.